Current release: v0.3.0

Consent gating for OpenClaw on Linux VMs

Simpler architecture. Fail-closed egress. External approval.

MCP is how agents use tools. ACP is how humans control agents.

terminal
$ npm install -g agent-2fa
$ sudo -u openclaw -H acp init --channel=telegram
$ sudo acp start openclaw --openclaw-user=openclaw
# ACP mediates outbound traffic and prompts for consent.
Get Started Agent Setup Prompt Read README
Architecture

VM-first in v0.3.0

ACP runs as a host process, OpenClaw runs as a non-root Linux user, and nftables restricts outbound traffic to the ACP mediation path.

OpenClaw (uid)
ACP Proxy + Policy
Consent Channel
Allow / Deny
1

Enforce egress

nftables rules scoped to the OpenClaw user block direct outbound traffic and allow loopback proxy mediation.

2

Gate decisions

ACP policy decides allow, ask, or deny. Ask decisions require explicit human consent.

3

Audit outcomes

Decisions are written to audit JSONL with action metadata and verdict details.

Setup

Install in four commands

Host prerequisites (once): sudo apt-get update -y && sudo apt-get install -y nftables build-essential
Minimum 2 GB RAM+swap recommended. Or give your agent the Agent Setup Prompt.

1

Install ACP

bash 
npm install -g agent-2fa
2

Create runtime user

bash 
sudo useradd -m -s /bin/bash openclaw || true
3

Initialize consent channel

bash 
sudo -u openclaw -H acp init --channel=telegram
4

Start VM mode

bash 
sudo acp start openclaw --openclaw-user=openclaw
Agent Setup Prompt

Let your agent install it for you

Paste this into any AI coding agent (Claude, Cursor, etc.) connected to your Linux VM.

prompt 
Install ACP (Agent Consent Protocol) v0.3.0 on this Linux VM.

Follow the instructions at:
https://github.com/o1100/Agent-Consent-Protocol/blob/main/OPENCLAW-INSTALL.md

Summary of steps:
1. Install host deps: sudo apt-get update -y && sudo apt-get install -y nftables build-essential ca-certificates
2. Install ACP: sudo npm install -g agent-2fa && acp --version
3. Create runtime user: sudo useradd -m -s /bin/bash openclaw || true
4. Configure: sudo -u openclaw -H acp init --channel=telegram
   (I will provide the Telegram bot token, chat ID, and Anthropic key when prompted)
5. Start: sudo acp start openclaw --openclaw-user=openclaw
6. Validate: confirm nftables rules are active, proxy is listening, and OpenClaw gateway is running

If npm install fails with build errors, ensure build-essential is installed.
Minimum 2 GB RAM+swap required — add swap if needed.
Current Limits

By default, ACP config under /home/openclaw/.acp is user-writable. For stronger tamper resistance, move config/policy/state to root-owned paths and run a hardened root-owned systemd unit.

v0.2 Delta

What changed in v0.3.0

The project now prioritizes Linux VM OpenClaw reliability over broad, generic container-first positioning.

Area v0.2 v0.3.0
Primary deployment Generic/earlier model Linux VM + OpenClaw
Main enforcement focus Mixed model VM egress mediation
Docker contain path Primary story Legacy compatibility
Cross-platform expectation Broader Linux-first
Full Delta Notes Install Runbook